Al-`Aqar Healthcare REIT Annual Report 2024

CORPORATE GOVERNANCE

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

The Enterprise Risk Management Committee

The ERMC supports the BARC in carrying out its oversight role. The ERMC ensures implementation of and compliance with the Enterprise Risk Management Frameworks and enterprise risk management programmes, and monitors risk mitigation performance. The ERMC also sets the strict direction for risk roles, responsibilities, and risk reporting structures within the organisation. The ERMC meeting is chaired by the Chief Executive Officer (CEO) and comprises the respective heads of department and/or Risk Owners.

The ERM Committee is responsible for overseeing the identification, assessment, mitigation, and monitoring of key risks that could impact an organisation’s ability to achieve its strategic and operational objectives.

1 Risk Governance & Framework Oversight
• Establish and maintain the enterprise risk management framework, policies, and procedures.
• Promote a risk-aware culture across the organisation.
• Ensure risk governance aligns with corporate strategy and regulatory expectations.

2 Identification & Assessment of Key Risks
• Review reports from risk owners and business units to identify emerging and existing risks.
• Evaluate strategic, operational, financial, reputational, regulatory, and ESG-related risks.
• Facilitate regular risk identification workshops or surveys.

3 Risk Appetite & Tolerance Setting
• Recommend and review the organisation’s risk appetite statement and tolerance limits.
• Ensure risk-taking aligns with the board’s expectations and the entity’s capacity to absorb risk.

4 Risk Mitigation & Control Effectiveness
• Oversee development of risk response strategies, including mitigation plans, controls, and contingency actions.
• Monitor the implementation and effectiveness of internal controls and risk treatment plans.

5 Risk Monitoring & Reporting
• Receive regular risk reports and dashboards from the risk management function.
• Track key risk indicators (KRIs) and ensure timely escalation of red flags or breaches.
• Ensure periodic updates to the board and audit committee on the risk profile and mitigation efforts.

The ERMC makes periodic reports to both the BARC risk management issues/mitigation actions undertaken to keep the BARC apprised and advised of all aspects of the enterprise risk management, and significant risks and risk trends.
